Details of VAR-202503-2772

ID

VAR-202503-2772

CVE

CVE-2025-2993

TITLE

Shenzhen Tenda Technology Co.,Ltd. of FH1202 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-003187

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of FH1202 There are unspecified vulnerabilities in the firmware.Information may be obtained. The vulnerability is caused by improper access control caused by the operation of the parameter 'these' in the file /default.cfg. Attackers can exploit this vulnerability to perform remote attacks

Trust: 2.16

sources: NVD: CVE-2025-2993 // JVNDB: JVNDB-2025-003187 // CNVD: CNVD-2025-07532

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07532

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1202	scope:	eq	version:	1.2.0.14\(408\)	Trust: 1.0
vendor:	tenda	model:	fh1202	scope:	eq	version:	fh1202 firmware 1.2.0.14(408)	Trust: 0.8
vendor:	tenda	model:	fh1202	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1202	scope:	-	version:	-	Trust: 0.8
vendor:	-	model:	tenda technology co.,ltd. fh1202	scope:	eq	version:	1.2.0.14(408)	Trust: 0.6

sources: CNVD: CNVD-2025-07532 // JVNDB: JVNDB-2025-003187 // NVD: CVE-2025-2993

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-2993
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-003187
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-07532
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-2993
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-003187
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-07532
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-2993
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-003187
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-07532 // JVNDB: JVNDB-2025-003187 // NVD: CVE-2025-2993

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-266	Trust: 1.0
problemtype:	Improper permission settings (CWE-266) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-003187 // NVD: CVE-2025-2993

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2993	Trust: 3.2
db:	VULDB	id:	302042	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-003187	Trust: 0.8
db:	CNVD	id:	CNVD-2025-07532	Trust: 0.6

sources: CNVD: CNVD-2025-07532 // JVNDB: JVNDB-2025-003187 // NVD: CVE-2025-2993

REFERENCES

url:	https://lavender-bicycle-a5a.notion.site/tenda-fh1202-default-cfg-1bc53a41781f806d8016cd4e73ca4d6f?pvs=4	Trust: 1.8
url:	https://vuldb.com/?id.302042	Trust: 1.8
url:	https://vuldb.com/?submit.523416	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-2993	Trust: 1.4
url:	https://vuldb.com/?ctiid.302042	Trust: 1.0

sources: CNVD: CNVD-2025-07532 // JVNDB: JVNDB-2025-003187 // NVD: CVE-2025-2993

SOURCES

db:	CNVD	id:	CNVD-2025-07532
db:	JVNDB	id:	JVNDB-2025-003187
db:	NVD	id:	CVE-2025-2993

LAST UPDATE DATE

2025-04-20T23:11:12.601000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07532	date:	2025-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-003187	date:	2025-04-11T01:28:00
db:	NVD	id:	CVE-2025-2993	date:	2025-04-08T14:00:57.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07532	date:	2025-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-003187	date:	2025-04-11T00:00:00
db:	NVD	id:	CVE-2025-2993	date:	2025-03-31T12:15:15.700